[Updated] Inguma Pentest kit version 0.0.5.1 released

by

In: Application Scanner , Framework , Inguma , Vulnerability Scanner

21 October 2007

Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler.

Changes for this release

  • Added one exploit for the vulnerability in SYS.LT.FINDRICSET (Oracle
    CPU Oct. 2007).
  • Added the module "firetest" to test firewall configurations.
  • Added module "brutessh" to brute force SSH servers.
  • Added module "bruteora" to brute force Oracle servers. It will check
    for every (commonly) possible user or for an specified user.
  • Added a tool to crack MD5 hashes using freely available rainbow
    tables.
  • Added module "sidguess" to guess the SID of an Oracle Database
    instance.
  • _*Initial*_ shellcode support. See the SIDVault remote root exploit
    and $INGUMA_DIR/lib/libexploit.py for details. x86 support with
    InlineEgg. Thanks you Gera!
  • Added a password cracker for Oracle11g.
  • Added a password cracker for MS SQL Server 7 and 2000.
  • Enhanced the Oracle PL/SQL Fuzzer. Now, if you redirect the output
    only the vulnerabilities found are logged, all the rest of the output
    are written to stderr.

Post scriptum

Compliance Mandates

  • Application Scanner :

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Application Scanner
Framework
Inguma
Vulnerability Scanner